ZeroData Tools
Tools
JSON Formatter Format and validate JSON instantly with no uploads, no server calls, and no stored data. JSON Validator Validate JSON instantly before deploys with local processing and zero server calls. YAML Validator Validate YAML files and catch indentation errors instantly with no uploads or backend processing. Base64 Encoder Encode or decode Base64 strings instantly with zero uploads. URL Encoder Encode and decode query parameters locally for APIs, redirects, and forms. HTML Formatter Pretty-print messy markup and inspect structure without exposing page code. CSS Minifier Shrink stylesheets for production with browser-only processing and instant output. JavaScript Beautifier Reformat dense JavaScript into readable code locally for debugging.

SSH Command Builder

Create complex ssh terminal strings visually. Add port forwarding tunnels, private keys, bastion jump hosts, and advanced options — 100% browser-based, zero data uploads.

Advertisement

🌐 Connection Target

🔑 Keys & Gateways

Port Tunnels

No tunnels configured. Click '+ Add Tunnel' to route traffic.

Parameters & Flags

How ZeroData protects your privacy

  • No Uploads: Processing happens entirely via client-side JavaScript.
  • No Storage: We do not have a database. We physically cannot save your data.
  • No Tracking: We don't log what you process or track your inputs.
  • Verifiable: Check your DevTools Network tab. You will see 0 outbound requests.

What Is SSH Port Forwarding and Why Use a Command Builder?

Secure Shell (SSH) is the industry-standard protocol for encrypted remote access to Linux and Unix servers. While a basic SSH connection is straightforward (ssh user@host), real-world engineering workflows frequently require combining multiple flags — port forwarding tunnels, identity key paths, bastion jump hosts, verbosity levels, and connection keep-alive settings. A single misplaced flag causes connection failures that are frustrating to debug.

This visual SSH Command Builder compiles the correct command string from your selected options in real time, eliminating flag typos and argument order mistakes. The output is a ready-to-paste terminal command covering local forwarding, remote forwarding, SOCKS dynamic proxies, and jump host chains.

SSH Port Forwarding Types Explained

  • Local Forwarding (-L localPort:remoteHost:remotePort): Binds a port on your local machine and tunnels traffic through the SSH connection to a host reachable from the remote server. The classic use case is accessing a private database (e.g., PostgreSQL on localhost:5432 of a backend server) from your development machine without exposing it to the public internet. Example: ssh -L 5432:localhost:5432 [email protected]
  • Remote Forwarding (-R remotePort:localHost:localPort): Binds a port on the remote server and tunnels traffic back to your local machine. This is invaluable when you need to expose a locally running development server (e.g., localhost:3000) to a colleague or a webhook provider, without deploying to a staging environment.
  • Dynamic SOCKS Proxy (-D localPort): Turns your SSH connection into a SOCKS5 proxy server. Configure your browser or application to use localhost:localPort as a SOCKS proxy, and all traffic is routed through the remote server. This effectively lets you browse internal network resources or bypass geo-restrictions as if you were sitting on the remote server.

Jump Hosts and Bastion Servers (-J)

Enterprise and cloud environments often place production servers inside private Virtual Private Clouds (VPCs) with no direct public internet access. To reach them, you must first connect to a publicly accessible bastion host, and then hop to the target server. The modern -J flag (introduced in OpenSSH 7.3) handles this in a single command: ssh -J [email protected]:22 [email protected]. Multiple jump hosts can be chained with commas, e.g., -J bastion1,bastion2.

Key SSH Flags Reference

  • -i ~/.ssh/id_rsa — Specify a private key identity file for public-key authentication.
  • -p 2222 — Connect to a non-default SSH port (default is 22).
  • -C — Enable compression for low-bandwidth connections or slow networks.
  • -N — Do not execute a remote command. Useful when the sole purpose is port forwarding.
  • -f — Fork the process to the background after authentication. Often paired with -N for persistent tunnel daemons.
  • -o ServerAliveInterval=60 — Send keep-alive packets every 60 seconds to prevent idle session disconnection.
  • -o StrictHostKeyChecking=no — Disable host key verification. Useful in CI/CD pipelines with ephemeral servers, but should never be used in production.
  • -v / -vv / -vvv — Increase verbosity for debugging connection and authentication failures.

Security Best Practices for SSH Connections

Always use public-key authentication rather than passwords. Your private key file must have permissions set to 600 (chmod 600 ~/.ssh/id_rsa) — SSH clients will refuse to use keys that are world-readable. For production servers, disable password authentication entirely in /etc/ssh/sshd_config by setting PasswordAuthentication no. When running background tunnels (-f -N), track the process ID and terminate orphaned tunnel processes to avoid port conflicts.

100% Client-Side Privacy

None of your SSH details — usernames, IP addresses, domains, private key paths, port numbers — are transmitted or stored on any server. The command compilation is done completely in memory within your web browser. You can inspect the network activity using your browser's Developer Tools Network tab to verify that this utility operates entirely offline after the initial page load.

How to Use the SSH Command Builder

  1. Enter the host IP or domain, SSH port (default 22), and remote username.
  2. Specify an Identity File (-i) path if using SSH key pair authentication.
  3. Add port forwarding rules (Local, Remote, or Dynamic tunnels) in the tunnel manager.
  4. Select advanced flags such as compression, keep-alive, or disabling host checks.
  5. Click 'Copy Command' and paste it directly into your terminal.

Common Use Cases

  • Creating SSH tunnels for local database access (e.g., forwarding local port 5432 to a private server).
  • Configuring SOCKS proxy chains for secure web browsing through a remote server.
  • Routing SSH traffic through secure bastion hosts or jump boxes in enterprise environments.
  • Setting up remote tunnels to expose local web servers to the internet temporarily.
Advertisement

Frequently Asked Questions

What is an SSH command builder?

An SSH command builder is a visual tool that helps you construct complex ssh command-line strings. By selecting options for ports, keys, local/remote tunnels, jump hosts, and security overrides, you can generate a complete terminal command without memorizing obscure flags.

What is the difference between Local (-L), Remote (-R), and Dynamic (-D) port forwarding?

Local forwarding (-L) routes traffic from your local machine to a remote server. Remote forwarding (-R) routes traffic from a remote server to your local machine. Dynamic forwarding (-D) turns your SSH connection into a SOCKS proxy, routing all browser or application traffic through the target server.

How does the Jump Host (-J) option work?

A Jump Host (also called a bastion host) acts as an intermediary gateway. If your destination server is behind a private subnet, you can route your connection through a public-facing bastion server using the -J flag (e.g. ssh -J bastion-user@bastion-ip target-user@target-ip). Multiple jump hosts can be chained with commas.

Is it safe to configure my SSH details here?

Yes. The generator runs 100% client-side in your browser. No connection details, IP addresses, usernames, ports, or keys are sent to any server. Your configuration is entirely private.

How do I run the generated command?

Once you click 'Copy Command', open your terminal (on Linux, macOS, or WSL/Git Bash on Windows) and paste it. Ensure any specified identity files (private keys) have secure permissions (e.g., chmod 600 ~/.ssh/id_rsa) — SSH will refuse to use world-readable key files.

How do I set correct permissions on an SSH private key?

Run 'chmod 600 ~/.ssh/id_rsa' (or the path to your key file) in your terminal. SSH client enforces that private keys are readable only by the owner. If permissions are too open (e.g., 644), the connection will fail with a 'Permissions are too open' error.

How do I run an SSH tunnel persistently in the background?

Combine the -f (fork to background) and -N (no shell) flags: 'ssh -f -N -L 5432:localhost:5432 user@host'. To stop it later, use 'lsof -ti:5432 | xargs kill' to find and kill the process holding that local port.

Explore more ZeroData utilities

Related Tools

Systemd Service Generator

Generate Linux systemd service unit files visually. Configure ExecStart, restart policies, and dependencies — 100% browser-based.

SSH Config Generator

Build SSH config file entries visually. Host aliases, identity files, jump hosts, and port forwarding — 100% browser-based.

SSH Key Generator

Generate RSA 2048-bit or 4096-bit SSH key pairs in your browser. Private key in PKCS#8 PEM format, public key in OpenSSH authorized_keys format — 100% browser-based, zero uploads.

© 2026 ZeroData Tools. All rights reserved.